$2600 for FUll CS5.5 makes no sense for me - but $100 or maybe even $200 to get fully licensed but without any paper manuals or support would work for me.

That's why you can rent it now.

And yet the majority of people are still probably pirating it or lying about being students

Face it, pirates are assholes. Like drug addicts, they will rationalize and come up with a million reasons why their bad behavior isn't bad or is at least neutral (Well, I wasn't going to buy it anyway therefor they really aren't out anything anyway and your just being a dick for calling me a thief!).

It's still theft and it's still wrong. If you don't like the cost of something, go create your own alternative. There is no moral imperative to use someone else's stuff for free just because you don't agree with their wishes.

And yet the majority of people are still probably pirating it or lying about being students

Face it, pirates are assholes. Like drug addicts, they will rationalize and come up with a million reasons why their bad behavior isn't bad or is at least neutral (Well, I wasn't going to buy it anyway therefor they really aren't out anything anyway and your just being a dick for calling me a thief!).

It's still theft and it's still wrong. If you don't like the cost of something, go create your own alternative. There is no moral imperative to use someone else's stuff for free just because you don't agree with their wishes.

Selfish thieves....

Indeed. Who are they trying to convince? I'd have more respect if they just said: "I want it but I don't want to pay for it, so I'm not gonna." At least that's honest. Seriously, the old App Store reviews that were all "Should be free!" to every single paid app were far less annoying than pirates.

Last week on a thread about jailbreaking, I said that many jailbreakers are pirates, liars and dishonest people.

A few morons on that thread got mad at me.

Guess what......I still think that many jailbreakers are dishonest liars and pirates. Judging by the replies in that other thread, you'd think that 95% of people who jailbreak do it for reasons other than piracy, or so they claim.

I say bullshit. Be a man, quit lying, grow some testicles and just admit that you're a pirate.

Actually, you are wrong. Apple can and does check which apps have been purchased, this happens if a cracked app is updated through the AppStore. A prompt comes up to ask the user to purchase the app as it hasn't previously been purchased.

It would be quite simple to therefore also perform this check when gamecenter is launched, or just display stats for purchased apps in GC.

Read through half a page of unconvincing arguments before I stumbled on this one. This logic makes sense to me. Apple could restrict game center for only pirated apps...

Perhaps they do not want an alternative to game center to emerge and become popular? Who knows.

It depends what you call legitimate. I'd say being able to test out apps on the $500 device you bought without having to pay $100 every year to Apple again is legitimate. I'd say customisation is legitimate too - not just themes but gestures. A lot of the new features in iOS5 have been implemented in much the same way as software that can only be implemented on a jailbroken phone and people have had those features for a year or more now. People who follow Apple's restrictions have to wait. Waiting is not better.

On the flip side, it appears that a lot of jailbreakers do steal apps so if Apple implements measures to stop jailbreaking, I'd rather they combine it with some more relaxed rules so that people have fewer legitimate reasons to do so.

Quote:

Originally Posted by katastroff

The cracking procedure strips that copy-protection out of the app. That's why devs should put in extra routines.

There are two steps though - cracking the app and modifying the installd binary via AppSync. If Apple did a remote hash check of the installd binary when you install an app (even a free one from the AppStore) or go online and warn that all apps would be removed on the next sync unless the OS was restored to a legitimate version, that would put a stop to it.

Quote:

Originally Posted by Stuffe

Checksum the binary
Phone home with the checksum
Allow the remote server to sent a result back to say if it's valid or not
continue appropriately

Yeah, any verification step needs to be remote but another option that's interesting is the one some apps on Steam use. I think it's been cracked already but it still makes things more difficult as you have to do it yourself for every app. It's called custom executable generation (CEG) and for every app that gets installed, it compiles an executable just for your account:

Apple can't get the source code for every app but they may be able to link a dynamic library at run-time, which has been generated from source-code they own and has to be run before the app runs. This custom executable would only have to contain a unique code that referenced the iTunes purchase.

On connecting to the App Store or internet, it could check if all your CEGs match and if not, disable or remove the offending apps. There's no way that a unique id generated from an iTunes purchase could be reverse engineered because it would use a timestamp.

There are two steps though - cracking the app and modifying the installd binary via AppSync. If Apple did a remote hash check of the installd binary when you install an app (even a free one from the AppStore) or go online and warn that all apps would be removed on the next sync unless the OS was restored to a legitimate version, that would put a stop to it.

There's no such thing as a remote hash check, there is only a remote request for a local hash-check. To do a remote hash-check Apple would have to competely download the App/OS back down from that handset, which would be a little hot on the bandwidth. Even then the OS could just spoof it if it had a delta so that it could generate the original binary on the fly.

Inevitably any anti-piracy measure will have a local component, and so once the OS is compromised, you cannot rely upon it.

Quote:

Apple can't get the source code for every app but they may be able to link a dynamic library at run-time, which has been generated from source-code they own and has to be run before the app runs. This custom executable would only have to contain a unique code that referenced the iTunes purchase.

The CEG solution, or for that matter anything which embeds a user specific code into the binary is an option, but all it could reliably do is deny you access to the game-center, you could still play the game, because again an OS level hack could simply disable the entire process that checks the validity of the code. Moreover any such protection system would risk false positives, even if the rate is one in a million, when you have 15billion app downloads that can start to be a major headache.

So a considerable technical undertaking, requiring additional servers, large databases, more complex cloud (redownload needs to be the same unique CEG), pissed off consumers and all you've achieved is that pirates don't get their highscores recorded.

To do a remote hash-check Apple would have to competely download the App/OS back down from that handset, which would be a little hot on the bandwidth.

The hash is generated locally but verified remotely. If iTunes generated the hash of installd on the device and sent the hash back to Apple's servers, it could be verified against the correct one. iTunes could be hacked to generate a valid hash but it's an extra layer of difficulty.

Quote:

Originally Posted by cloudgazer

The CEG solution, or for that matter anything which embeds a user specific code into the binary is an option, but all it could reliably do is deny you access to the game-center, you could still play the game, because again an OS level hack could simply disable the entire process that checks the validity of the code.

It could do more than that because if the purchase tag inside the CEG didn't match a valid iTunes purchase then it would remove the app whenever your device goes online or connects to iTunes. Obviously, hacked apps can be distributed with a valid code but Apple can check how many unique hardware identifiers are using it.

Enough layers to make it not worth the bother.

- first you have to get a jailbreak
- you have to install AppSync
- you have to install Installous for DRM-stripped apps
- you have to hack iTunes to bypass the hash verification on installd
- you have to either generate a CEG for every DRM-stripped app or you have to hack the OS to allow you to bypass the check
- you have to block any internet connection and iTunes sync from checking for a CEG mismatch

After that, I'm sure a lot of people would just say 'hell it's only 99c, I'll just buy the app'.

Quote:

Originally Posted by cloudgazer

Moreover any such protection system would risk false positives, even if the rate is one in a million, when you have 15billion app downloads that can start to be a major headache.

They already have these checks now though. The App Store verifies your purchases and remembers apps/music you bought. Over 600 million encrypted movies/TV Shows have been sold and they know which computers are verified to play them. Even with the possibility of false positives, I think they can handle it.

The hash is generated locally but verified remotely. If iTunes generated the hash of installd on the device and sent the hash back to Apple's servers, it could be verified against the correct one. iTunes could be hacked to generate a valid hash but it's an extra layer of difficulty.

a) people can just go tether free in a few weeks,
b) hacking iTunes would be no harder than jailbreaking, in fact it would be rather easier
c) only sync your iDevice with the network cable unplugged

Quote:

It could do more than that because if the purchase tag inside the CEG didn't match a valid iTunes purchase then it would remove the app whenever your device goes online or connects to iTunes. Obviously, hacked apps can be distributed with a valid code but Apple can check how many unique hardware identifiers are using it.

How exactly? Oh by issuing an instruction to iOS, which was compromised. Oh dear. Besides my hacked iOS can just not communicate app data to the servers at all, ever. The only reason it would ever need to is to access a service like game-center.

Quote:

Enough layers to make it not worth the bother.

- first you have to get a jailbreak
- you have to install AppSync
- you have to install Installous for DRM-stripped apps
- you have to hack iTunes to bypass the hash verification on installd
- you have to either generate a CEG for every DRM-stripped app or you have to hack the OS to allow you to bypass the check
- you have to block any internet connection and iTunes sync from checking for a CEG mismatch

The hacked ROMs might lag a little, but they'd be available for easy download. Likewise the hacked iTunes. Once you had them you could pirate freely. Given that people have paid money for physical hardware that allowed them to pirate on platforms in the past, I think that just downloading some stuff will not prove too taxing.

Never underestimate how much effort pirates will invest in not paying.

Quote:

They already have these checks now though. The App Store verifies your purchases and remembers apps/music you bought. Over 600 million encrypted movies/TV Shows have been sold and they know which computers are verified to play them. Even with the possibility of false positives, I think they can handle it.

That's all entirely local. iTunes does the verification, as does the iDevice - there's no huge database to be maintained just a little bit of (easily stripped) DRM data that can be checked to see if it matches your user code. It's far simpler, and there's no possibility of a server failure causing users to suddenly suffer an inability to play content.

What you're describing brings to mind how Steve Jobs described the blu-ray DRM situation - a world of hurt. Much like that blu-ray DRM it's a world of hurt that serves no good purpose, it would put Apple at war with its consumers, it won't happen.

As an iOS developer getting ready to release a new app, I'm seriously considering making it so that my app will fail to run on jailbroken devices. I happen to agree that most jailbreakers are pirates, so why should I support their community at all?

I say everyone should start to do a little extra check on the system and if its not a legit copy of iOS running then your app = black screen of nothing.

Game Center ID != Apple ID for purchasing apps. They are not the same, and this is clearly not a way of measuring piracy.

I have 80gb+ of purchased apps, no jailbroken devices, no pirated apps. My Apple ID is used in our household for our iOS devices. (two iPhones, an iPad, two iPod touches) but all four of us each have separate Game Center ID's... otherwise save games, scores etc can't be compared or kept separate.

a) people can just go tether free in a few weeks,
b) hacking iTunes would be no harder than jailbreaking, in fact it would be rather easier
c) only sync your iDevice with the network cable unplugged

They are all more compromises you have to make. There's no way you will remember to unplug the internet during every sync, especially on devices with 3G. Having to get hacked iTunes versions would be a nuisance after a short time.

Quote:

Originally Posted by cloudgazer

How exactly? Oh by issuing an instruction to iOS, which was compromised. Oh dear. Besides my hacked iOS can just not communicate app data to the servers at all, ever. The only reason it would ever need to is to access a service like game-center.

You would need to connect to their servers to buy content from iTunes. Of course if you steal all apps and music and movies and don't sync using iTunes or iCloud, you can avoid it but then you don't have backups and an app you want might not exist on Installous.

Quote:

Originally Posted by cloudgazer

Never underestimate how much effort pirates will invest in not paying.

Yeah, I know but as I say, enough measures make it not worthwhile. Look at Sony for example. You could say you just get a jailbreak, you download a Blu-Ray rip, copy it onto a USB drive and there you go. But banning accounts from PSN, forcing firmware updates to play new games, matching the hacked apps with your hacked firmware so they run properly and the sheer size of Blu-Ray downloads just make it not worthwhile. The PS3 is almost impervious to piracy right now and will be for the life of the console.

Quote:

Originally Posted by cloudgazer

That's all entirely local. iTunes does the verification, as does the iDevice - there's no huge database to be maintained

If it wasn't server-side, you wouldn't be able to de-authorise all computers associated with your id, nor could Apple impose a 5-machine limit on your authorised machines:

Fairplay has of course been reverse-engineered and there's even an app for stripping DRM from other apps and the same could happen with a new scheme but if you had enough measures, I think it would at least tone down the piracy.

The most effective hack is hiding apps from any checks - just make the OS unaware. Cydia apps don't sync to your iTunes library. But that's a one-off modification to the OS. If every legitimate application had code to perform a check of which apps were installed, they could report back to HQ. This can be updated way more frequently than the OS because they just apply the new custom executable to every new app purchased from the app store. The only way round this is to avoid using any of Apple's services ever and Apple could close down your App Store account on a detection or erase the offending apps. Yes they could strip the CEG from every app after reverse-engineering it but they'd have to keep updating it and the very second Apple updates it, BOOM, apps are gone.

Quote:

Originally Posted by cloudgazer

What you're describing brings to mind how Steve Jobs described the blu-ray DRM situation - a world of hurt. Much like that blu-ray DRM it's a world of hurt that serves no good purpose, it would put Apple at war with its consumers, it won't happen.

It's not the DRM of Blu-Ray that's the 'bag of hurt' but the licensing. Apple already use HDCP DRM. Anyway, the checks impose no limitations on legitimate purchases. With music and movies, the restrictions are problematic because you generally want to use the media on multiple devices. Apps are designed to run on one type of device so there's no harm done to legitimate users.

Yeah, I know but as I say, enough measures make it not worthwhile. Look at Sony for example. You could say you just get a jailbreak, you download a Blu-Ray rip, copy it onto a USB drive and there you go. But banning accounts from PSN, forcing firmware updates to play new games, matching the hacked apps with your hacked firmware so they run properly and the sheer size of Blu-Ray downloads just make it not worthwhile. The PS3 is almost impervious to piracy right now and will be for the life of the console.

Sony went to huge efforts to block piracy on the PS3, and it still failed. Unlike Apple, Sony's primary income stream from the PS3 is from software sales, so it was highly motivated to do this - and it still seems to have failed.

Expecting Apple to do the same when it has practically no skin in the game is ridiculous.

Quote:

If it wasn't server-side, you wouldn't be able to de-authorise all computers associated with your id, nor could Apple impose a 5-machine limit on your authorised machines:

That again is dependent on trusted client software obeying the server.

Quote:

The most effective hack is hiding apps from any checks - just make the OS unaware. Cydia apps don't sync to your iTunes library. But that's a one-off modification to the OS. If every legitimate application had code to perform a check of which apps were installed, they could report back to HQ.

If the code to do so was standardized it could be ripped out in a standard way, if the code wasn't standardized then it would be a huge amount of work. Also that would ruin the app sandbox model because suddenly every App has to have networking - so it would reduce user security, in order to improve developer security. If you move the communication back to the server into a special API call, then it's easy to just remove the call.

This topic has brought out sheer ignorance in this thread. A quick read through indicates that many people are willing to accuse everyone who jailbreaks their device of stealing from Apple, without any evidence whatsoever.

For every person who says that if you jailbreak, you will "probably", "likely" steal pirated apps, you need your @#$%^&* head examined.

That is no different than saying if you establish an internet connection at home with an ISP, then you will likely pirate music/movies/software.

What a psychotic lobotomy operation Apple has performed on some you, to the point where you think legally unlocking the in and out of your device has ANYThING to do with piracy. Sick maniacs.

Expecting Apple to do the same when it has practically no skin in the game is ridiculous.

Apple takes 30% of every sale ($2.5b paid out, $1b kept). If people steal the apps, they lose money too - this revenue keeps the store running. They stepped in when Lodsys were suing their developers so they should step in now and stop people stealing software.

Quote:

Originally Posted by cloudgazer

That again is dependent on trusted client software obeying the server.

If you make a suitably complex request to the client i.e not 'are you authorised to play this - yes/no', it's difficult to break, especially if the method is revised (security by obscurity).

Quote:

Originally Posted by cloudgazer

If the code to do so was standardized it could be ripped out in a standard way, if the code wasn't standardized then it would be a huge amount of work. Also that would ruin the app sandbox model because suddenly every App has to have networking - so it would reduce user security, in order to improve developer security. If you move the communication back to the server into a special API call, then it's easy to just remove the call.

It wouldn't have to be a sub-process of the app but a parent process or co-process that is killed so the sandbox is maintained and it just needs read-only access. Plus apps have legitimate access to all your data anyway so it doesn't really matter much about the sandbox when Apple violates it.

You go onto the App Store, download Angry Birds Rio legitimately but it has a new parent wrapper that does a new authentication check (am 2). On launch, the wrapper checks out your installed apps and your OS and phones home and you're caught, apps deleted by wrapper.

So along comes the hacker and cracks the method for am 2. Big deal, Apple implements another wrapper for every new download instantly, no update required on the user-end. As soon as you install a legit app, it wipes out your illegal apps.

Obviously, you can avoid visiting the App Store or whatever but with enough methods that make it not worth your while then they at least put up an active resistance to app theft, which is all they need to do.

This topic has brought out sheer ignorance in this thread. A quick read through indicates that many people are willing to accuse everyone who jailbreaks their device of stealing from Apple, without any evidence whatsoever.

It's a couple of years old but here's some evidence to suggest there's a fairly high percentage of jailbreakers stealing:

Out of 4 million jailbroken devices, 38% had a least one pirated app. What is more interesting is the number of jailbroken devices, which is fairly low. So if under half of those people are stealing apps, the problem may be low enough not to worry about but still high enough to make theft a motivation for a significant portion of the jailbreakers.

Flurry reported 10% of their tracked devices were jailbroken.

You could be talking about 20 million jailbroken devices and just under 10 million people stealing apps. Overall, this doesn't seem like a big problem but could still lead to the developers of certain apps seeing a 90% theft ratio.

Out of 4 million jailbroken devices, 38% had a least one pirated app. What is more interesting is the number of jailbroken devices, which is fairly low. So if under half of those people are stealing apps, the problem may be low enough not to worry about but still high enough to make theft a motivation for a significant portion of the jailbreakers.

Flurry reported 10% of their tracked devices were jailbroken.

You could be talking about 20 million jailbroken devices and just under 10 million people stealing apps. Overall, this doesn't seem like a big problem but could still lead to the developers of certain apps seeing a 90% theft ratio.

Less than half is a far cry from the posters who claim that jail breaking is synonymous with stealing, or 100% or those jail breakers are using stolen apps. .Maybe it's the name "jailbreak" that these posters can't escape. IOW, "only criminals would break out of jail" but they aren't seeing the bigger picture. How many are jailbreaking just so they can do the software unlock? Maybe we it would be perceived differently if it was just called "rooting the device."

Dick Applebaum on whether the iPad is a personal computer: "BTW, I am posting this from my iPad pc while sitting on the throne... personal enough for you?"

Yeah, any verification step needs to be remote but another option that's interesting is the one some apps on Steam use. I think it's been cracked already but it still makes things more difficult as you have to do it yourself for every app. It's called custom executable generation (CEG) and for every app that gets installed, it compiles an executable just for your account:

Yeah, I think you can't stop these things from getting cracked eventually. They key to me, comes from a phrase I learned in my first job on a course I was sent on. "Step 1, define the problem". We are starting from a platform of "Piracy must be stopped" and diving straight into methods of solving it, most of which stand no chance of working for more than a couple of weeks.

Step 1: Define the problem - in this case it means measuring the rate of piracy. The checksum methods etc, if done in such a way as to be entirely irrelevant to the pirate, would help stat up the problem with proper date and cut through most of the crap people spout. If the pirate game is still playable, I can't see people hunting out the reporting code and disabling it to hide their tracks.

Apple takes 30% of every sale ($2.5b paid out, $1b kept). If people steal the apps, they lose money too - this revenue keeps the store running. They stepped in when Lodsys were suing their developers so they should step in now and stop people stealing software.

Most of Apple's costs for keeping the store running are variable not fixed. 20cents for credit card payment for example. Apps are not a profit centre for Apple, not the way they are for Playstation. Games drive hardware sales for Apple, for Sony it's the other way around.

Step 1: Define the problem - in this case it means measuring the rate of piracy. The checksum methods etc, if done in such a way as to be entirely irrelevant to the pirate, would help stat up the problem with proper date and cut through most of the crap people spout. If the pirate game is still playable, I can't see people hunting out the reporting code and disabling it to hide their tracks.

Yes, it could be done in a way that is secretive and track piracy - it may already be in place. This way, the App Store ids (or even phone numbers) of pirates could be traced and Apple can determine if it's worth acting on it.